BETAUSER for a 90-day free trial (30 days plus 60 more) and help shape CRANIS2 before the CRA deadlines.
Join the beta
EU cybersecurity regulations and the quantum computing transition are reshaping how organisations build and operate digital products and services. Our free assessments help you understand where you stand and what you need to do next.
For manufacturers and developers of products with digital elements. Determine your product’s risk category, required conformity assessment module, and get a personalised maturity report covering vulnerability management, SBOMs, security by design, and technical documentation.
For companies importing products with digital elements into the EU market. Check whether you meet your obligations under CRA Article 18, covering manufacturer verification, supply chain traceability, vulnerability reporting, and documentation retention.
For organisations in essential and important sectors. Determine your entity classification, supervision regime, and penalty exposure. Get a maturity assessment covering governance, risk management, incident reporting, supply chain security, business continuity, and technical measures.
For any organisation using cryptography. Assess your exposure to quantum computing threats across key types, rotation cycles, crypto agility, data sensitivity, and migration planning. Aligned with NIST FIPS 203/204/205 and CNSA 2.0 timelines.
Find EU-designated conformity assessment bodies for the Cyber Resilience Act. Search by country, accredited module (B, C, H), and sector. Includes a decision tool to determine which conformity assessment module your product requires.
Critical product? Determine whether you need to register with a market surveillance authority under CRA Art. 20 using our interactive decision tree. Searchable directory of national authorities across the EU and EEA.
Rate your supply chain risk across five key areas: dependency inventory, vulnerability monitoring, supplier visibility, licence compliance, and resilience. Aligned with CRA Art. 13(5) and NIS2 Art. 21.
Is your incident response process CRA-ready? Interactive checklist covering detection, assessment, containment, remediation, recovery, and post-incident review. Aligned with CRA Art. 14 and ENISA reporting deadlines.
When must you notify users before support ends? Enter your support end date to generate a CRA-compliant notification timeline with milestone dates and required actions.
Non-EU manufacturer? Determine whether you need to appoint an EU Authorised Representative under CRA Art. 15. Includes responsibilities and appointment requirements.
What to do when you discover your product is non-compliant. Step-by-step process for manufacturers, importers, and distributors covering corrective measures and authority notification.
All assessments are completely free and provide:
Your progress is saved automatically. You can pause and return at any time. We will never spam you or share your information.
If you’ve already started an assessment, just select the same one again and sign in with the same email address. Your progress will be restored automatically and you’ll continue from where you left off.